CVE-2020-7537
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memo...
CVE-2020-7543
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memo...
Design/Logic Flaw
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memo...
Aruba Networks ArubaOS Command Injection Vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in ArubaOS. No information about this vulnerability is available at this time, so please stay tun...
The vulnerability of the XHCI interface of USB controllers in VMware ESXi, VMware Workstation, VMware Fusion, and the VMware Cloud Foundation virtualization platform allows a perpetrator to execute arbitrary code.
The vulnerability of the XHCI (Extensible Host Controller Interface) of USB controllers in VMware ESXi, VMware Workstation, VMware Fusion, and VMware Cloud Foundation virtualization platforms is a use-after-free (memory used after release). Exploiting this vulnerability can allow an attacke...
The vulnerability in the web interface for managing data collection and aggregation from Cisco DNA Spaces Connector controllers and access points allows a hacker to execute arbitrary commands.
The vulnerability in the web interface for managing data collection and aggregation from Cisco DNA Spaces Connector controllers and access points is related to the failure to eliminate special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor...
The vulnerability of Intel Ethernet Series 700 controllers, which stems from the improper use of security mechanisms, allows attackers to trigger a service failure or increase their privileges.
The vulnerability of Intel Ethernet Series 700 controllers is related to the improper use of security mechanisms. Exploiting this vulnerability can allow attackers to cause service failures or increase their privileges...
Zerologon is now detected by Microsoft Defender for Identity
There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to provide you with the best...
November 17, 2020—KB4594442 (OS Build 17763.1579) Out-of-band
November 17, 2020—KB4594442 (OS Build 17763.1579) Out-of-band. 11/10/20 IMPORTANT: Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release (known as a “C” release) for the month of December 2020. There will be a monthly security release know...
Symantec Reports on Cicada APT Attacks against Japan
Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well...
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, including locations in the United States. Researchers observed a...
Unspecified Vulnerability in Intel Ethernet 700 Series Controllers
Intel Ethernet 700 Series Controllers is a 700 series Ethernet controller from Intel Corporation USA. A security vulnerability exists in Intel(R) Ethernet 700 Series Controllers prior to version 7.3, which stems from a protection mechanism failure that can be exploited by a privileged user to...
November 19, 2020—KB4594441 (OS Build 14393.4048) Out-of-band
November 19, 2020—KB4594441 (OS Build 14393.4048) Out-of-band. UPDATED 11/19/20. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. To view other notes and messages, see the Windows 10, version 1607 update history...
Saia Burgess Controls PCD Controller Hard-coded Password Vulnerability
OVERVIEW: Independent researcher Artyom Kurbatov has identified a hard-coded password vulnerability in Saia Burgess Controls’s family of PCD controllers. Saia Burgess Controls has produced a new firmware version to mitigate this vulnerability. Artyom Kurbatov has tested the new firmware version to...
Denial Of Service (DoS)
linux-kvm is vulnerable to denial of service. Resource leak in the i40e driver for Intel(R) Ethernet 700 Series Controllers allows an authenticated user to potentially cause a denial of service condition via local access...
CVE-2020-8691
A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...
Session fixation
Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...
Improper access control
Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...
Design/Logic Flaw
A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...